[tor-bugs] #17857 [Core Tor/Tor]: Create a consensus param to disable (netflow) padding if RSOS is enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 28 22:27:29 UTC 2017


#17857: Create a consensus param to disable (netflow) padding if RSOS is enabled
----------------------------------+------------------------------------
 Reporter:  teor                  |          Owner:  mikeperry
     Type:  enhancement           |         Status:  needs_revision
 Priority:  Medium                |      Milestone:  Tor: 0.3.1.x-final
Component:  Core Tor/Tor          |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:  tor-hs, single-onion  |  Actual Points:
Parent ID:                        |         Points:  1
 Reviewer:                        |        Sponsor:
----------------------------------+------------------------------------
Changes (by teor):

 * status:  needs_review => needs_revision


Comment:

 Replying to [comment:29 mikeperry]:
 > I added a fixup to use the rend_service accessor.

 Thanks!

 There's a redundant check of `get_options()->HiddenServiceSingleHopMode`
 in channel_do_open_actions():
 {{{
 -        || (get_options()->HiddenServiceSingleHopMode &&
 +        || (rend_service_allow_non_anonymous_connection(get_options()) &&
 +            get_options()->HiddenServiceSingleHopMode &&
 }}}

 Once that's fixed, please flip the ticket to merge_ready.

 > For the rest of it, we're a bit late in the game to decide that we want
 to have a new negotiation mechanism to disable one-ended padding.
 Furthermore, if the padding overhead starts crushing us even before all
 clients and relays have upgraded to use padding fully yet, we should just
 disable the entire netflow padding feature and figure out how to deal with
 that problem, rather than polluting the code with more complicated kill
 switches and negotiation methods based on guesses about what might cause
 problems, especially for issues that will only be a problem for a short
 period of time.

 Yes, that would require HSDirs and Intro Points and Rend Points to know
 when they are connected to a single onion service or Tor2web, which is
 possible (except for single onion -> HSDir, which is 3 hops). But that
 code hasn't been written yet (see #22688 and #22689). And then we'd need
 to add another kill switch for these cases.

 If you don't think that's necessary, that's ok. But it could be a year or
 two before this code is running on most single onion services. And we
 might deprecate v2 hidden services and Tor2web before it's ever running on
 most Tor2web instances.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17857#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list